NSSCryptoModuleSpec/Section 9: Self Tests: Difference between revisions

m
no edit summary
(restoring version 11131 (despamming))
mNo edit summary
Line 35: Line 35:
||  
||  
'''Power-up Self Test''':
'''Power-up Self Test''':
PKCS#11 Initialization (todo: need link to FC_Initialize in fipstokn.c) : As part of the PKCS#11 initialization of the FIPS-140-2 module, any error return
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.html#FC_Initialize PKCS#11 Initialization]: As part of the PKCS#11 initialization of the FIPS-140-2 module, any error return
from the battery of self tests will put the PKCS#11
from the battery of self tests will put the PKCS#11
module in the fatalError state. The fatalError state
module in the fatalError state. The fatalError state
Line 47: Line 47:
||  
||  


(todo: link to fipstest.c)
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.html 
Power up Self Test Code]


[[Power up SelfTest Design]]
[[Power up SelfTest Design]]
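Review bot: The link that replaces "(todo: link to fipstest.c)" is split across two lines, with the opening bracket and URL on one line and the label "Power up Self Test Code]" on the next. A MediaWiki external link needs its URL and label inside one bracket pair on a single line, so join the two lines so that the label renders as link text instead of a bare URL followed by stray text.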
Line 53: Line 54:
No operator call backs have been implemented
No operator call backs have been implemented
at any point within the power-up self tests. These
at any point within the power-up self tests. These
tests are mandatory for the FIPS-140-1 mode of
tests are mandatory for the FIPS-140-2 mode of
operation.
operation.
||
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.07.02 VE.09.07.02 ] || ||
|  
'''For each error condition, document the
actions neccessary to clear the condition
and resume normal operation.'''
|| [http://wiki.mozilla.org/VE_09#VE.09.07.02 VE.09.07.02 ] ||  
 
For fatal error conditions CKR_DEVICE_ERROR and CKR_HOST_MEMORY
the only way to clear the condition is to reboot the module. Upon
restart the power-up tests shall be initiated automatically
and do not require operator intervention. 
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ] || ||
|  
'''Describe self-test initiation on demand''' -  requires that the running of power-up self-tests not involve any inputs from or actions by the operator.
|| [http://wiki.mozilla.org/VE_09#VE.09.09.01 VE.09.09.01 ] ||
 
'''The products will not have a user visible way to initiate
these tests other than restarting the program.'''
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.10.01 VE.09.10.01 ] || ||
|  
'''Document cryptographic algorithm's known answer test:'''
The vendor shall document the indicator that the module outputs upon
successful completion of the power-up self-tests.
|| [http://wiki.mozilla.org/VE_09#VE.09.10.01 VE.09.10.01 ] ||
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstokn.c.html Power Up Self Test Code] This is demonstrated throughout
the self test module. Each of the following functions declares
static key material at the beginning of each test and upon
successful completion returns CKR_OK:
 
 
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_RC2_PowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_RC4_PowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_DES_PowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_DES3_PowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_MD2_PowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_MD5_PowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_SHA1_PowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_RSA_PowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_DSA_PowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fips_AES_PowerUpSelfTest]
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fipsPowerUpSelfTest]
 
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ] || ||
|  
'''Procedure by which an operator can
initiate the power-up self-tests
'''
|| [http://wiki.mozilla.org/VE_09#VE.09.12.01 VE.09.12.01 ] ||
 
'''The products will not have a user visible way to initiate
these tests other than restarting the program.'''
 
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ] || ||
|  
'''All self tests shall use a known answer'''.
|| [http://wiki.mozilla.org/VE_09#VE.09.13.01 VE.09.13.01 ] ||
a known answer is shall be conducted for all cryptographic functions (e.g., encryption, decryption, authentication and random number generation) of each Approved cryptographic algorithm self test.
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ] || ||
|  
 
'''If the calculated output does not equal the known answer, the known-answer test shall fail.'''
|| [http://wiki.mozilla.org/VE_09#VE.09.16.01 VE.09.16.01 ] ||  
 
CKR_DEVICE_ERROR is returned when ever the calculated output does not equal
the known answer.
 
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.17.01 VE.09.17.01 ] || ||
|  
'''specify the method used to compare the calculated output with the known answer.'''
|| [http://wiki.mozilla.org/VE_09#VE.09.17.01 VE.09.17.01 ] ||  
 
PORT_Memcmp is used to compare the computed cipher text with the known
ciphertext.
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/fipstest.c.dep.html                      sftk_fipsPowerUpSelfTest]
When keys are used for encryption/decryption the
[http://www.mozilla.org/projects/security/pki/nss/fips/nss-source/mozilla/security/nss/lib/softoken/pkcs11c.c.dep.html#sftk_PairwiseConsistencyCheck  'Pairwise Consistency Check Self Tests'] are used.
||
|-
|-
| || [http://wiki.mozilla.org/VE_09#VE.09.17.02 VE.09.17.02 ] || ||
| || [http://wiki.mozilla.org/VE_09#VE.09.17.02 VE.09.17.02 ] || ||
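Review bot: In the VE.09.10.01 answer, the link labelled "Power Up Self Test Code" targets fipstokn.c.html, while the link with the same label added earlier in this revision targets fipstest.c.html and every function listed under it links to a fipstest.c page; point it at fipstest.c.html so the label, the target and the function list agree. That answer also only says each function "returns CKR_OK", so state explicitly that CKR_OK is the success indicator the requirement asks for. Two wording problems in the added text should be fixed before this is relied on as validation documentation: "neccessary" in VE.09.07.02 should read "necessary", and "a known answer is shall be conducted" in VE.09.13.01 does not parse (presumably "a known-answer test shall be conducted"). The VE.09.17.01 answer describes PORT_Memcmp only for ciphertext although the listed self tests include MD2, MD5 and SHA1, so say whether computed digests are compared the same way.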